WEP Cracking

From ivc wiki
Revision as of 22:56, 25 August 2009 by Ivc (talk | contribs)

WEP is infamously known as the broken wireless security protocol. A design flaw was discovered in 2001 and after several cascading discoveries it's now possible to crack a WEP protected network within minutes. WPA is the successor to WEP and features a better but not perfect security protocol.

Background

There are now many sources that describe the vulnerability and ARP replay (used to generate traffic) in detail; this is a short, simplified summary.

  • WEP encryption: 24-bit unencrypted initialization vector + 104-bit key (13 characters/bytes) = 128-bit RC4 key -> used to generate the RC4 cipher stream -> XORed with the message -> encrypted packets
  • ARP replay: the first 12 bytes of an ARP packet always stay the same -> capture one ARP packet -> inject it back into the network to stimulate traffic -> XOR the known first 12 bytes out of each captured ARP packet -> after 10-20000 packets, enough small pieces (12 bytes each) of the pseudorandom RC4 keystream have been gathered
  • Key crack: use the collected data as statistical evidence for each byte of the final 104-bit (13-character) key -> try to decrypt captured data to verify the key
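
The first two bullets in a toy model, added here as an illustration rather than code from the wiki: RC4 is seeded with the 3-byte cleartext IV followed by the 13-byte key, and because the leading bytes of an ARP frame are predictable, XORing them back out of the ciphertext yields the RC4 keystream for that IV, which then decrypts the start of any other frame sent under the same IV. The CRC-32 integrity value and 802.11 framing are omitted, and the header bytes and key are constructed sample values.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key (24 + 104 = 128 bits) and sends the IV in the clear.
    Simplification (assumption): no CRC-32 ICV is appended."""
    assert len(iv) == 3 and len(key) == 13
    ks = rc4_keystream(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def keystream_from_known_prefix(frame: bytes, known_prefix: bytes):
    """A captured frame whose first bytes are predictable (the fixed ARP header)
    gives away keystream for its IV: C XOR P = keystream. Returns (iv, keystream)."""
    iv, ct = frame[:3], frame[3:]
    return iv, bytes(c ^ p for c, p in zip(ct, known_prefix))


def decrypt_prefix(frame: bytes, ks_by_iv: dict) -> bytes:
    """Any later frame that reuses an IV we hold keystream for leaks its leading
    bytes without the key: a 24-bit IV space is far too small to avoid reuse."""
    iv, ct = frame[:3], frame[3:]
    return bytes(c ^ k for c, k in zip(ct, ks_by_iv.get(iv, b"")))


# Constructed sample values: LLC/SNAP header + ARP hardware/protocol type (12 bytes)
# and a 13-byte key chosen for the demonstration.
ARP_HEADER = bytes.fromhex("aaaa03000000080600010800")
KEY = b"example-key13"

if __name__ == "__main__":
    iv = b"\x01\x02\x03"
    f1 = wep_encrypt(iv, KEY, ARP_HEADER + b"rest of ARP packet one")
    _, ks = keystream_from_known_prefix(f1, ARP_HEADER)
    f2 = wep_encrypt(iv, KEY, ARP_HEADER + b"rest of ARP packet two")
    print(decrypt_prefix(f2, {iv: ks}) == ARP_HEADER)  # same IV -> header recovered
```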
